sk3llum

Millions Of Windows & Linux Systems Are Vulnerable To Remote Hack Manufactured By Lenovo, Dell, HP..


Researchers discovered unsigned firmware in multiple system components, such as WiFi adapters, USB hubs, trackpads and cameras, used in machines from Lenovo, Dell, HP and other major manufacturers.

The flaws in these components allow attackers to compromise millions of Windows and Linux systems, exfiltrate data, disrupt operation and implant malware.

Once a firmware component is infected, the attacker's implant stays undetected by software security controls.

The primary issue is that many peripheral devices do not verify that firmware is properly signed with a high-quality public/private key pair before running the code.

This means the components listed above have no way to validate that the firmware loaded onto the device is authenticated and trusted.

An attacker can take advantage of this by simply inserting a malicious or vulnerable firmware image, which the component blindly trusts and runs.

As a result, unsigned firmware in WiFi adapters, USB hubs, trackpads, laptop cameras and network interface cards provides multiple pathways for attackers to compromise laptops and servers.

 

Researchers explain the following very simple and powerful scenario for an attack:

  1. An attacker gains access to a device via any method, such as malware delivered via email or a malicious website, or an evil maid attack. With basic user privileges, the attacker/malware could write malicious firmware to a vulnerable component.
  2. If the component doesn’t require the firmware to be properly signed, the attacker’s code is loaded and run by the component.
  3. The attacker can then use the unique functionality and privileges of that component to further an attack.

For example, a malicious firmware implant in the network adapter allows attackers to sniff, copy, redirect or alter traffic, leading to data loss, man-in-the-middle and other attacks.
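The check that is missing in the scenario above, as an added example that is not Eclypsium's or any vendor's code: a Go sketch of the device-side verification a peripheral should perform before accepting a firmware update. The image layout (magic, length, payload, Ed25519 signature) and the `FWIM` magic are constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed image layout: 4-byte magic, 4-byte big-endian payload length,
// payload, then a 64-byte Ed25519 signature over magic||length||payload.
var magic = []byte("FWIM") // hypothetical magic value, not a real vendor format

// buildImage is the vendor-side step: sign the header and payload together.
func buildImage(priv ed25519.PrivateKey, payload []byte) []byte {
	hdr := make([]byte, 8)
	copy(hdr, magic)
	binary.BigEndian.PutUint32(hdr[4:], uint32(len(payload)))
	body := append(hdr, payload...)
	return append(body, ed25519.Sign(priv, body)...)
}

// verifyImage is the device-side check the article says peripherals lacked:
// the payload is returned only if the signature verifies under the pinned key.
func verifyImage(pub ed25519.PublicKey, img []byte) ([]byte, error) {
	if len(img) < 8+ed25519.SignatureSize || !bytes.Equal(img[:4], magic) {
		return nil, errors.New("malformed or unsigned image")
	}
	n := int(binary.BigEndian.Uint32(img[4:8]))
	if n != len(img)-8-ed25519.SignatureSize {
		return nil, errors.New("length field does not match image size")
	}
	body, sig := img[:8+n], img[8+n:]
	if !ed25519.Verify(pub, body, sig) {
		return nil, errors.New("signature invalid: refusing to flash")
	}
	return body[8:], nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // pinned in device ROM in practice
	img := buildImage(priv, []byte("constructed firmware payload"))
	_, err := verifyImage(pub, img)
	fmt.Println("genuine image:", err)
	tampered := append([]byte(nil), img...)
	tampered[12] ^= 0xff // a single modified payload byte must be rejected
	_, err = verifyImage(pub, tampered)
	fmt.Println("tampered image:", err)
}
```

Without the signature check, the tampered and the genuine image are indistinguishable to the device; with it, any byte change, truncation or stripped signature is refused before the code runs.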

 

Insecure Firmware In Peripherals

Researchers from Eclypsium describe vulnerable firmware in several products, such as Lenovo and Dell laptops and a USB adapter.

Touchpad and TrackPoint Firmware in Lenovo Laptops:

Researchers analyzed a Lenovo ThinkPad X1 Carbon 6th Gen laptop that used the following firmware.

  • Touchpad Firmware: pr2812761-tm3288-011-0808.img
  • TrackPoint Firmware: PSG5E5_RANKA_fv06.bin

Both firmware images contain an insecure update mechanism that does not require any cryptographic signature verification before a firmware update is applied.

This potentially allows attackers to modify the firmware images through software and run arbitrary malicious code within these components.

HP Wide Vision FHD Camera Firmware in HP Laptops:

The firmware update distributed for this HP component was unencrypted and lacked authenticity checks.

The firmware also does not contain any form of cryptographic signature or other authenticity information.

“Researchers confirmed this vulnerability by modifying USB descriptors on a device that was updated with the tool. Of particular note, the SunplusIT firmware updater can successfully update a device even as a normal user. Firmware updates should require Administrator access.”

WiFi Adapter on Dell XPS Laptop:

During this research, experts demonstrated a flaw that allows modifying the firmware of the WiFi adapter on a Dell XPS 15 9560 laptop running Windows 10.

(image: WiFi adapter firmware as shipped, signed, with the certificate icon shown)

In the image above, the firmware image for the WiFi adapter is correctly signed, and the driver details display the small certificate icon.

Once the researchers modified the firmware image for the WiFi adapter, the certificate icon disappeared.

(image: modified WiFi adapter firmware, certificate icon absent)

Demonstration:

Researchers also tested unsigned firmware in a network interface card (NIC). The demonstration used the Broadcom BCM5719 chipset, which is commonly found in current-generation servers from multiple manufacturers.

In this demonstration, the researchers intercepted the contents of BMC network packets, provided those contents to malware running on the host, and were also able to modify BMC traffic in transit.

A malicious attack on a NIC can have a profound impact on the server, compromising the operating system remotely, providing a remote backdoor, snooping and exfiltrating raw network traffic and bypassing operating system firewalls to extract data or deliver ransomware.

These critical flaws clearly indicate that unsigned firmware can lead to the loss of data, integrity, and privacy, and can allow attackers to gain privileges and hide from traditional security controls.

